Inoculating Software for Survivability

1
Inoculating Software for Survivability

• Jian Song

2
Introduction

• Information warfare
• 95 Defense department communications relying on
  commercial infrastructure
• Wholesale payment system move trillions
• Society more wired
• The heart of National Information
  Infrastructure(NII) is Software

3
Topics of Discussion

• Fault Injection Analysis (FIA)
• Two applications of FIA
• Improve the survivability before softwares
  release
• A tool for fault injection security analysis
• Case studies of FIA
• Test the survivability of software in a fielded
  system (COTS)
• Failure simulation tool
• About the authors and the company

4
Fault Injection Analysis

• FIA originated out of testing IC
• Safety-critical systems (Surgical device, nuclear
  control)
• The process of corrupting a data state during
  program execution
• To determine the effect of unusual attacks
  against software
• Critical software within NII (OS, servers and
  clients, system utilities)

5
Improve the survivability of software before
release

• Commercial pressure to bring software to market
  gt little survivability testing
• Little tool support for such testing
• Aimed at software vendors
• Perform fault injection in source code
• Insecure or non-robust behavior

6
Fault Injection Security Tool (FIST)
Buffer overflow, data corruption String, fault
composition
Fault Injection Engine
Instrumented P
System State
Vulnerability Knowledge
Security Policy Assertion
Program Inputs
Statistical Collection
Strings and other variables Server
commands Configuration files Network traffic
Relative Security Metrics
7
Case studies of FIA

• Network daemons

Program Instrumented Locations Successful Simple Corruptions Successful Buffer Overruns Function Coverage
Sambra 1264 12 15 45.5
NCSA http 463 27 3 40.14
Wu-ftpd 476 11 3 58.62
Pop3 73 2 1 63.64
Kfingerd 146 12 5 38.1
8
Assessing the survivability of COTS

• Source code not available
• Robustness of software to anomalous events
• On the interfaces between the software
  application and OS
• Simulate failing system resources(memory
  allocation, I/O, Exceptions, network failure)
• Robust gt does not hang, crash or disrupt the
  system

9
Failure simulation tool for Windows application

• Wrapping interface with our own functions
• Win32 API, exist in DLLs
• Import address table(IAT) is modified
• The wrapper DLL called instead
• Tool, interactively fail OS functions
• Applied to any Win32 program

10
Retrofitting Survivability into COTS

• Inform software vendor of problems and hope for a
  patch
• Harden the application with software wrapper
• The wrapper will catch exceptions
• Returning a specified error value

11
Conclusions

• Off-nominal testing approach
• Author
• Anup K. Ghosh, Director of security research
• Jeffery M. Voas, Chief scientist
• Company
• Reliable Software Technologies in Sterling, VA
• http//www.rstcorp.com/